Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
1PW & Scam Apps
Hello,
This article was published in Australia by the public media (like PBS in USA).
Here is my question -- and also how to ask this question of 1PW staff?
Does 1PW help prevent falling for...
1P_Dave
Moderator
ModeratorHello dzinn! 👋
Thank you for the question! That's definitely an eye-opening article and it reminds all of us that we need to be vigilant regarding the apps that we install on our devices. The article mentions:
Octo targets Android phones
It sounds like iPhones aren't the target of this particular attack. I wanted to mention that since you posted your question in the iOS category on the forum here. All apps in the Apple App Store go through a review process by Apple which serves to reduce the risk of malware being published to the App Store for users to download by mistake. The process isn't foolproof but it is an additional protection.
Always double-check to make sure that the app that you're installing is legitimate. You can look for things such as:
- The number, and age, of reviews.
- How long the app has been on the App Store. An established bank is not likely to have just published their app yesterday.
- Whether that specific app is linked to from the bank's official webpage.
On the iPhone and iPad, 1Password uses iOS AutoFill to fill your logins into apps. iOS AutoFill will only suggest your bank login inside of an app if that bank has associated that specific app with it's domain. For example, if you're using Tangerine bank here in Canada you can see that Tangerine has listed its app's ID on its website here: https://www.tangerine.ca/.well-known/apple-app-site-association
If the app doesn't match the right associated domain then AutoFill won't suggest your bank login. You can still choose to manually fill a login (or copy and paste your password) and that's where you need to be careful that you're filling logins into legitimate apps.
Another angle/question -- can 1PW be 'tricked' (somehow?) into allowing 1PW info to be entered into a Scam site?
Websites are a slightly different story but 1Password can help protect you there as well. 1Password in the browser, our extension, will only suggest logins if they match the website address that you've stored in 1Password. This helps to protect you from fake websites that may look like the real website but aren't. You can read more about how 1Password protects you against certain phishing attacks here:
Let me know if you have any questions.
-Dave
